by Dave Grattan, P.E., CFSE
One of the fundamental assumptions made when using standard LOPA (Layer of Protection Analysis) is that the barriers selected for a common threat path are independent. In most cases the analysis made by the LOPA team is adequate to judge the degree of independence between barriers. However, this may not always be the case, especially when the desired LOPA target is less than 1e-4 per year. In these cases, LOPA is more susceptible to unaccounted for system effects, than to independent random failures (what LOPA assumes). Another way to say this is that whenever a model (for example, LOPA) predicts that a failure will occur with a negligible chance, the probability that the model can fail becomes important.
Potential failure paths can emerge between barriers in a common threat path due to what is known as “system effects.” That is, to the interaction between otherwise independent barriers due to common support systems (for example, Maintenance), or other Operational or Management impacts. Emergence is a system effect that cannot be identified through other methods, such as IPL (Independent Protection Layer) validation. However, Human Factors methods exist that provide a framework for discovering emergent failures between barriers due to system effects.
This paper will discuss the application of one such system technique known as “NET-HARMS” (Networked Hazard Analysis and Risk Management System). The NET-HARMS technique is a combination of two well-established Human Factors methods, the first being HTA (Hierarchical Task Analysis) and secondly, a modified SHERPA (Systematic Human Error Reduction and Prediction Approach) as the taxonomy used to classify system failures. Both methods are easy to use and can be learned quickly with a little practice. The author has several years’ worth of experience applying these methods to difficult LOPA problems involving administrative controls, and will show how this analysis can be extended to include hardware barriers as well.